How Social Media Tricks You Into Giving Away Your Security Answers

Social media has been a daily part of our world for almost two decades now, and we’ve gotten used to not thinking twice about the things we engage with. Unfortunately, not every post, quiz, or game is harmless. Some of them are bait.

What Are Security Questions?

Security questions are an older, but still pretty common, account security feature. Some services require you to answer them every time you log in, while others only ask for them if you’re trying to change your password, logging in from a new device, or if they’ve detected repeated login failures using your password.

Usually you pick your security answers when you originally create an account. It’ll be things like “Where were you born” or “What was your favorite food as a kid?”

These basic autobiographical facts are generally easy to remember because they’re innate to us and have been for most of our lives.

Unfortunately, they’re also vulnerable in a number of ways.

  1. People who know you well might be able to guess them to bypass your security.
  2. It is possible you’ve given them away without ever realizing it.

You can’t do a ton about the first problem, but there are a few easy steps to protect yourself from the second.

Don’t Give Away Security Question Answers

When details about your life are used to secure your accounts, you should protect those details from prying eyes as carefully as you would your password.

However, “engagement bait” lures us all into the trap of giving away our security answers.

Posts That Encourage You to Share

Say you log onto Facebook and you see a post show up in your feed like “What Was Your Favorite Food as a Kid? Mine was my grandmother’s TURKEY.” Under the post, you see a picturesque turkey with warm lighting, evocative of the holidays. If you look carefully, the images attached to these posts tend to be AI-generated.

An AI-generated picture of a turkey.
Nick Lewis/How-To Geek | ChatGPT 4o

It has a bafflingly large number of comments: thousands or even tens of thousands have chimed in with their favorite foods as a kid. If you answer, one of your security answers is now out in the wild.

These sorts of posts come in all shapes and sizes, but the recurring theme is that they tend to invite simple answers to biographical questions. Exactly the sort of thing you’d use for a security question. Whether it is the page runners scraping this data or a third party, it is a risk best avoided.
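To make the overlap concrete, here is an added example (not part of the original article) that checks post prompts against account-recovery question themes. The first three themes come from questions mentioned in this article; the remaining themes, the patterns, and the sample feed are assumptions constructed for illustration.

```python
import re

# Recovery-question themes. Birthplace, childhood favorite and childhood
# nickname appear in this article; the rest are other common recovery
# questions (assumptions of this example).
THEMES = {
    "birthplace": r"where (?:were|was) you born|home ?town|birth ?place",
    "childhood favorite": r"favou?rite \w+(?: \w+)? (?:as a (?:kid|child)|growing up)",
    "childhood nickname": r"nick ?name",
    "first pet": r"(?:first|childhood) (?:pet|dog|cat)|pet's name",
    "maiden name": r"maiden name",
    "first car": r"first car",
    "school": r"(?:elementary|primary|high) school|school mascot",
    "childhood street": r"street (?:you|where you) grew up",
}
COMPILED = {name: re.compile(pattern) for name, pattern in THEMES.items()}


def normalize(text):
    """Lowercase, straighten curly apostrophes, collapse whitespace."""
    text = text.lower().replace("\u2019", "'")
    return re.sub(r"\s+", " ", text).strip()


def recovery_themes(post):
    """Return the sorted recovery-question themes a post's prompt touches."""
    text = normalize(post)
    return sorted(name for name, rx in COMPILED.items() if rx.search(text))


def scan_feed(posts):
    """Map each post that asks for recovery-style facts to its themes."""
    return {p: t for p in posts if (t := recovery_themes(p))}


# Constructed sample feed; the first prompt is the one quoted in the article.
SAMPLE_FEED = [
    "What Was Your Favorite Food as a Kid? Mine was my grandmother\u2019s TURKEY.",
    "Your band name is your first pet\u2019s name + the street you grew up on!",
    "Which cheese are you? Take the quiz!",
    "Only 90s kids remember their childhood nickname. What was yours?",
]

if __name__ == "__main__":
    for post, themes in scan_feed(SAMPLE_FEED).items():
        print(f"{themes}: {post}")
```

The second sample shows why a "name generator" game deserves the same caution as a direct question: one reply answers two recovery questions at once.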

Avoid Quizzes

Quizzes were all the rage at one point. For a while there, it seemed like every person on the planet was studiously taking some sort of quiz, trying to determine exactly what kind of cheese they were, or figuring out which Disney princess they’d be best friends with.

However, the questions for such quizzes are also the kind you often encounter for security questions. You should stay away from them.

The rise of bots and AI-generated content has made this way worse than it used to be. Though it is difficult to prove, it seems likely many of these pages pumping out AI-generated engagement bait are also using bot accounts to artificially inflate their engagement numbers and draw more real people into the trap.

On every occasion I’ve seen one of these posts, a quick survey of the “people” posting reveals many of them to have AI-generated or generic pictures with no account details—likely bots.

How to Protect Yourself

As with most things on the internet, the best safety recommendation is prevention. Don’t give up information publicly that could be used to fill in security questions.

Alternatively, you could create a fake persona and use that persona’s details to fill in your security questions. That guarantees that no one, not even people in your real life, would be able to guess your answers, no matter how well they know you.

However, unless you carefully commit it all to memory, you could be in trouble—I still can’t remember my fake childhood nickname and have lost access to my Yahoo account as a result.

Security questions aren’t an ideal form of security anyway. If you can, you should use 2FA on every account. If you have the option to set up your 2FA with an authenticator app, you should do that rather than text 2FA (SMS). SMS 2FA isn’t secure, and it shouldn’t be used for secure communications if it can be avoided.

You can’t do much to protect yourself against huge data leaks, but there are many things you can do to keep your individual accounts safe. That starts with never giving away sensitive information.
